package com.vdong.trade.trading.common.security;

import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.ReactiveAuthorizationManager;
import org.springframework.security.core.Authentication;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

import java.util.Set;

public class PermisseionSManager implements ReactiveAuthorizationManager<ServerWebExchange> {

    @Override
    public Mono<AuthorizationDecision> check(Mono<Authentication> mono, ServerWebExchange serverWebExchange) {
        System.out.println("我是PermisseionSManager 进来了====");
        String path = serverWebExchange.getRequest().getURI().getPath();

        //判断url是否在对应的list中
        Set<String> strings = checkPermissions();

        /*if (strings.contains(path)) {
            //不拦截
            System.out.println("我是PermisseionSManager 进来了:" + path + ",不拦截!");
            return Mono.just(new AuthorizationDecision(true));
        }*/

        //TODO 获取request的session中的权限信息

        Object key = serverWebExchange.getSession().block().getAttribute("key");
       /* if (key == null) {
            //无权限,抛出异常
            throw new RuntimeException("");
        }*/

        /*Set<String> permissions = (Set<String>) key;

        if (!permissions.contains(path)) {
            //无权限,抛出异常
            throw new RuntimeException("");
        }*/

        return Mono.just(new AuthorizationDecision(true));
    }

    protected Set<String> checkPermissions() {
        return null;
    }

}
